Details
Bug
Resolution: Fixed
Low
Severity 3 - Minor
Description
NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.
Jira Admins can create a persistent XSS on the Incoming Mail configuration page.
When the value
"><script>alert(1)</script>
is inserted into the Whitelisted Domain field on the page
/secure/admin/IncomingMailServers.jspa
the JavaScript persists and executes on page load.
This was tested on Jira version v7.1.9#71013-sha1:1aa0586
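
The flaw class described above, as an added example that is not part of the original report and is not Jira source code: a stored value written into a double-quoted HTML attribute without encoding, next to the encoded form and a save-time hostname check. The function names, the field name whitelistedDomains and the comma-separated input format are assumptions made for illustration.

```javascript
// Added illustration, not Jira code. All names below are hypothetical.

// Encode the characters that matter in HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: the stored value is concatenated straight into the attribute,
// so a leading "> closes the attribute and the tag.
function renderFieldUnsafe(stored) {
  return '<input type="text" name="whitelistedDomains" value="' + stored + '">';
}

// After: same markup, value encoded for the attribute context at output time.
function renderFieldSafe(stored) {
  return '<input type="text" name="whitelistedDomains" value="' + escapeHtml(stored) + '">';
}

// Defence in depth at save time: accept only hostnames (assumed comma-separated).
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;
function isValidDomain(d) {
  return d.length <= 253 && d.includes('.') && d.split('.').every((l) => LABEL.test(l));
}
function parseDomainList(raw) {
  const items = String(raw).split(',').map((s) => s.trim()).filter(Boolean);
  const rejected = items.filter((d) => !isValidDomain(d));
  return {
    ok: items.length > 0 && rejected.length === 0,
    accepted: items.filter(isValidDomain),
    rejected,
  };
}

// True when the rendered markup contains a live <script> start tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

const reported = '"><script>alert(1)</script>'; // value quoted in the report
const benign = 'example.com, mail.example.org'; // constructed sample input

console.log('unsafe render has script tag:', containsScriptTag(renderFieldUnsafe(reported)));
console.log('safe render has script tag:  ', containsScriptTag(renderFieldSafe(reported)));
console.log('save-time check (reported):  ', parseDomainList(reported).ok);
console.log('save-time check (benign):    ', parseDomainList(benign).ok);
```

Output encoding is the fix for the rendering bug; the save-time check only narrows what can be stored and does not replace it.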
Issue Links
- is related to: JRASERVER-61963 XSS in Mail Whitelist Field (Closed)
- relates to: HELIX-462